Admin change password flow

This commit is contained in:
Cohee
2024-04-10 00:01:03 +03:00
parent 31cc6e51b5
commit 189d096834
8 changed files with 159 additions and 40 deletions

View File

@@ -1,3 +1,4 @@
const fsPromises = require('fs').promises;
const storage = require('node-persist');
const express = require('express');
const slugify = require('slugify').default;
@@ -191,6 +192,33 @@ router.post('/create', requireAdminMiddleware, jsonParser, async (request, respo
}
});
router.post('/delete', requireAdminMiddleware, jsonParser, async (request, response) => {
try {
if (!request.body.handle) {
console.log('Delete user failed: Missing required fields');
return response.status(400).json({ error: 'Missing required fields' });
}
if (request.body.handle === request.user.profile.handle) {
console.log('Delete user failed: Cannot delete yourself');
return response.status(400).json({ error: 'Cannot delete yourself' });
}
await storage.removeItem(toKey(request.body.handle));
if (request.body.purge) {
const directories = getUserDirectories(request.body.handle);
console.log('Deleting data directories for', request.body.handle);
await fsPromises.rm(directories.root, { recursive: true, force: true });
}
return response.sendStatus(204);
} catch (error) {
console.error('User delete failed:', error);
return response.sendStatus(500);
}
});
module.exports = {
router,
};

View File

@@ -67,15 +67,20 @@ router.post('/change-password', jsonParser, async (request, response) => {
return response.status(403).json({ error: 'User is disabled' });
}
const isAdminChange = request.user.profile.admin && request.body.handle !== request.user.profile.handle;
if (!isAdminChange && user.password && user.password !== getPasswordHash(request.body.oldPassword, user.salt)) {
if (!request.user.profile.admin && user.password && user.password !== getPasswordHash(request.body.oldPassword, user.salt)) {
console.log('Change password failed: Incorrect password');
return response.status(401).json({ error: 'Incorrect password' });
}
const salt = getPasswordSalt();
user.password = getPasswordHash(request.body.newPassword, salt);
user.salt = salt;
if (request.body.newPassword) {
const salt = getPasswordSalt();
user.password = getPasswordHash(request.body.newPassword, salt);
user.salt = salt;
} else {
user.password = '';
user.salt = '';
}
await storage.setItem(toKey(request.body.handle), user);
return response.sendStatus(204);
} catch (error) {